Help needed with rasqlinsert

Dave Edelman dedelman at iname.com
Sat Jul 11 18:33:50 EDT 2009 

I have MySql installed and working, and I have the latest version of the
argus clients created with the sql stuff so that I create rasqlinsert. 

 

RaSqlInsert Version 3.0.2.beta.9

usage: rasqlinsert

usage: rasqlinsert [ra-options] [specific-options] [- filter-expression]

         -M <mode>          specify modes

             autoid         use auto-increment for the record id

             cache          use the database table contents as cache

             nodrop         do not delete the table if it exists

         -R <directory>     recursively process argus data files in
directory.

 

         -r <dbUrl>         read argus data to mysql database.

         -w <dbUrl>         write argus data to mysql database.

                            Rasqlinsert will create the database and table

                            if they do not exist.

 

               dbUrl:       mysql://[user[:pass]@]host[:port]/db/table

 

         -s [-][+[]]field   specify fields to print.

               fields:      record

 

 

Starting without the database and table I utter the incantation

 

rasqlinsert -r argus.2009.07.08.09.00.01.gz  -w
mysql://root:XXXXX@localhost/argusData/flowData -M autoid -n \\

-s saddr daddr sport dport proto pkts bytes srcid

 

And MySQL tells me that I now am the proud possessor of both a database and
a table 

 

mysql> desc flowData;

+--------+-------------+------+-----+---------+-------+

| Field  | Type        | Null | Key | Default | Extra |

+--------+-------------+------+-----+---------+-------+

| saddr  | varchar(64) | NO   | PRI | NULL    |       |

| daddr  | varchar(64) | NO   | PRI | NULL    |       |

| sport  | varchar(10) | NO   | PRI | NULL    |       |

| dport  | varchar(10) | NO   | PRI | NULL    |       |

| proto  | varchar(16) | NO   | PRI | NULL    |       |

| pkts   | bigint(20)  | YES  |     | NULL    |       |

| bytes  | bigint(20)  | YES  |     | NULL    |       |

| srcid  | varchar(64) | NO   | PRI |         |       |

| record | blob        | YES  |     | NULL    |       |

+--------+-------------+------+-----+---------+-------+

9 rows in set (0.00 sec)

 

 

Two small(ish) problems, I really did want the primary key to be an
auto-increment value and I really did want a bunch of data in the table. 

 

The file that I am reading is fine, I can use ra -r
argus.2009.07.08.09.00.01.gz  and it spews forth all sorts of data, MySQL
tells me that the table is empty.

 

The original source of the data is a radium instance that is receiving
NetFlow data from a Cisco router. 

 

What am I doing wrong? BTW, rasqlinsert told me that I needed to include -s
srcid because it was part of the primary key L

 

As foolish as this may sound, I want to pop quite a bit of argus data into a
MySQL database to do a bit of mining. 

 

I already have made a few simple tweaks to some existing clients so that
they nicely feed RRDTOOL databases but that's another story.

 

Oh, and if anyone can tell me how to not include the blob, I would be quite
happy to not include it.

 

 

--Dave

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090711/1c69a73d/attachment.html>

More information about the argus mailing list